Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiEDR/XDR 6.2.0 Administration Guide
    6.2.0
    6.2.0
    6.0.0
    5.2.1
    5.2.0
    5.1.0
    5.0.0
    4.2.0
    4.1.1
    4.1.0

    Other options in the Event Viewer

    Other options in the Event Viewer

    Option

    Description
    Sorting Events Click any column name to sort security events. For example, you may want to sort by process and collector in order to see the history of everything that happened to that process on that device.
    Free text search

    Enter text in the search field.

    By default, the System Defined option is selected, which specifies that the search is performed on the most relevant fields and then the event list is filtered accordingly. Alternatively, from this dropdown menu, you can select the field(s) that are searched, as follows:

    Select a specific field when you know what you are searching (meaning whether it is ID, Process name or so on) in order to get results faster.

    Searching For Events

    Click the down arrow in the Search Event field to display a variety of search options . When the Event Viewer display is filtered by a search, the Search Event field displays the words Multiple search . To redisplay all the security events (unfiltered), click .

    Note

    • The User field refers to the employee’s username on the computer and on the FortiEDR Manager.

    • You can select one or more action types in the AIR Action dropdown list.
    Time Filter Click the down arrow in the Time Filter to display a list of time period options. The default is Last 30 days.
    Archiving Events

    Click the Archive button () to archive the selected security events. These security events are not deleted. You can display them using the Search option (described above) and selecting the included Archived Events option.

    Note

    To unarchive a security event, click the Unarchive button (), and then confirm the unarchive action in the window that displays.
    Exporting Events Click the Export button () to export the selected security events to Excel.
    Deleting Events

    Click the Delete button () to completely delete a security event from the FortiEDR system.

    Note

    A deleted security event cannot be restored or retrieved. Unless you are having storage capacity issues, we highly recommend just hiding security events and not deleting them.
    Exception Manager Click the Exception Manager button () to access the Exception Manager.

    Investigating Events

    		 In the Advanced Data pane, click the Investigation View () button for a graphical and interactive view to further drill down the chain of activities involved in the event.
    Previous
    Next

    Other options in the Event Viewer

    Other options in the Event Viewer

    Option

    Description
    Sorting Events Click any column name to sort security events. For example, you may want to sort by process and collector in order to see the history of everything that happened to that process on that device.
    Free text search

    Enter text in the search field.

    By default, the System Defined option is selected, which specifies that the search is performed on the most relevant fields and then the event list is filtered accordingly. Alternatively, from this dropdown menu, you can select the field(s) that are searched, as follows:

    Select a specific field when you know what you are searching (meaning whether it is ID, Process name or so on) in order to get results faster.

    Searching For Events

    Click the down arrow in the Search Event field to display a variety of search options . When the Event Viewer display is filtered by a search, the Search Event field displays the words Multiple search . To redisplay all the security events (unfiltered), click .

    Note

    • The User field refers to the employee’s username on the computer and on the FortiEDR Manager.

    • You can select one or more action types in the AIR Action dropdown list.
    Time Filter Click the down arrow in the Time Filter to display a list of time period options. The default is Last 30 days.
    Archiving Events

    Click the Archive button () to archive the selected security events. These security events are not deleted. You can display them using the Search option (described above) and selecting the included Archived Events option.

    Note

    To unarchive a security event, click the Unarchive button (), and then confirm the unarchive action in the window that displays.
    Exporting Events Click the Export button () to export the selected security events to Excel.
    Deleting Events

    Click the Delete button () to completely delete a security event from the FortiEDR system.

    Note

    A deleted security event cannot be restored or retrieved. Unless you are having storage capacity issues, we highly recommend just hiding security events and not deleting them.
    Exception Manager Click the Exception Manager button () to access the Exception Manager.

    Investigating Events

    		 In the Advanced Data pane, click the Investigation View () button for a graphical and interactive view to further drill down the chain of activities involved in the event.
    Previous
    Next